03-22-2011 08:44 AM - edited 03-04-2019 11:50 AM
Hello everyone,
I've got a problem,We are having site-to-site VPN tunnel connected with our Client. Usuall the users connect remote virtual desktop(may be Vmware) through the L2L tunnel. The problem is that the remote desktop gets disconnect intermittently(around 4 to 5 times a day) and automatically reconnects after around 40Seconds or so. I can't find any problem with the L2L tunnel as it is showing up for the last 6 hours or so.Also there is no packet drops(RTO) when I ping the peer IP.
If anyone have any idea whats going on please let me know.
.
Thanks.
03-26-2011 04:30 AM
Hello,
Sorry for the late reply.
Do these connectivity outages in rdesktop occur after some period of inactivity, or do they just pop up during an active work with the remote desktop? If they appear to occur only after a some period of inactivity, that could indicate for a timeout in some stateful firewall's entry.
Also, does any other connectivity break in the same time the remote desktop connection is interrupted? I am trying to find out whether this problem affects more network flows or whether it is related only to the remote desktop service.
Best regards,
Peter
03-26-2011 08:04 AM
Hi Peter,
Thanks for the response. The connectivity outage occurs even during active work with remote desktop(suddenly pop up window with message like "Connectivity lost trying to reconnect" ). I have observed that no other network flows get affected but only the rdesktop connectivity. I'm suspecting it may be the problem with Vmware machines at cleint end but unfortunately I don't have access to those Vmware machines to check any kind of logs.
Regards,
Rooland
03-26-2011 08:35 AM
Hi Rooland,
When the remote desktop connectivity is lost, is there a slight pause (a frozen desktop or any kind of delay) before the client tells you that the connection has dropped and it is reestablishing the connection? Suddenly dropping the connection and immediately reporting problems with it would suggest that the client was informed about connectivity problems - perhaps a TCP connection being torn down, or an ICMP Unreachable message arriving. A delay would suggest that the client decided to tear down the connection after not receiving a reply from the other side for some time.
I guess it would be good to run a packet sniffer on the client machine somewhere around the time the connection is lost and reestablished - but I am not sure if that is feasible.
Best regards,
Peter
03-26-2011 08:37 AM
Hello Rooland,
One thing that comes to my mind - is it possible that the clients are using DHCP-acquired IP settings, and for some reason, when they renew the lease, they obtain a new IP address instead? Or can there be any changes in the network infrastructure during the remote desktop session - gateway changes, HSRP/VRRP/GLBP kicking in, etc.?
Best regards,
Peter
03-27-2011 12:05 AM
Hi Peter,
Yes,there is a slight pause(i.e., the remote desktop gets frozen for few seconds before the message pop up that connectivity is lost trying to re-connect)
Let me run the packet sniffer tomorrow.Also as you said to look out for HSRP/VRRP/GLBP ,let me monitor the IP address of the gateway whether it changes when the connectivity is lost.
Regards,
Rooland
01-14-2012 11:51 AM
Hi Peter,
Hope you doing well. What I did was created a new VPN(site to site VPN ) on separate ASA and the issue didn't appear i.e, remote virtual destops were not getting disconnected. But what interesting is the fact that the previous ASA where I used to have the issue is working fine for other site to site VPN's(but not VM are accessed throgh those site to site VPN's).
Recently I upgraded the ASA image and thinking to shift back the VPN to the older ASA and check if the issue still persist.
01-14-2012 02:31 PM
Hello Rooland,
If you can afford moving the older ASA back in place and testing whether the issue reappears, I would be grateful, as this is an interesting issue and it would be nice to see if the image upgrade solved it. But the fact is that currently, your network works fine and it may be wiser not to tinker with it just out of curiousity... the decision is up to you
Best regards,
Peter
02-10-2012 10:29 AM
Hi Peter,
Unfortunately image upgrade didn't help to solve the problem :-)
Nevertheless shifted the site to site VPNs tunnel back to the working ASA...
02-10-2012 06:37 PM
Hi Rooland,
Just a thought....
What about the host systems for VMs? They may have firewall settings enabled that causes those kinds of dropouts and it looks like they are happening at certain times, not randomly.
Hope this helps
Eugen
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide